ekyc

Electronic KYC process with uploading ID document using OAuth 2.1 (experimental)

2.architecture.tex (3470B)


\chapter{Architecture}

\section{Top-level overview}

\begin{figure}[H]
    \centering
    \includegraphics[width=0.9\textwidth]{toplevel}
    \caption{Top-level project overview}
    \label{fig:arch-toplevel}
\end{figure}

The diagram above illustrates the three primary actors in the project:
\begin{enumerate}
    \item \textbf{Customer}: the end user who wishes to deposit liquidity on the GNU Taler Exchange
    \item \textbf{GNU Taler Exchange}: the payment service subject to AML, which delegates the eKYC process to the KYCID service
    \item \textbf{KYCID}: the web service responsible for executing the eKYC process on behalf of the GNU Taler Exchange
\end{enumerate}

\pagebreak

The following diagram models the project's planned money deposit sequence.

\begin{figure}[H]
    \centering
    \includegraphics[width=0.8\textwidth]{toplevel-sequence}
    \caption{Top-level project sequence flow}
    \label{fig:arch-toplevel-sequence}
\end{figure}

The following steps are involved in the process:
\begin{enumerate}
    \item \textbf{Deposits}: The customer deposits liquidity on a GNU Taler exchange.
    \item \textbf{Initiation of eKYC process}: As the exchange is subject to AML, it initiates a KYC process using the KYCID service (delegation via the OAuth2 authorisation code flow). The customer's browser is redirected to the KYCID.
    \item \textbf{OAuth front channel, eKYC}: a series of round trips between the customer's browser and the KYCID, during which the KYC process is performed. This process requires interaction with the customer, as illustrated in the figure.
    \item \textbf{OAuth back channel}: Once the KYC process has been completed, the customer's browser is redirected to the exchange with an authorisation code that allows the exchange to retrieve an access token from the KYCID. This exchange of the code for a token is the OAuth back channel.
    \item \textbf{Retrieve eKYC information}: the exchange retrieves the information collected during the eKYC process using the access token granted in the previous step.
    \item \textbf{Release}: once the information has been verified and the exchange's criteria are satisfied, the exchange can release the deposits.
\end{enumerate}

The process described above is a case study of applying the OAuth authorisation code flow to GNU Taler, where an eKYC procedure gates the release of money.
You can find more details on how OAuth2 works in section \ref{OAuth2-Framework}.

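The deposit sequence above, as an added example that is not part of the project's code: a Python simulation of both sides of the OAuth 2.1 authorisation code flow (with PKCE, which OAuth 2.1 requires) between a hypothetical exchange client and a hypothetical KYCID server, showing the checks that keep the front-channel redirect and the back-channel code redemption bound to one deposit session. The class names, endpoints and redirect URI are assumptions, and the eKYC outcome is passed in as a constructed dictionary in place of the real customer interaction.

```python
import base64, hashlib, secrets

def pkce_challenge(verifier: str) -> str:
    # S256 transform (RFC 7636): BASE64URL(SHA-256(verifier)) without padding.
    return base64.urlsafe_b64encode(hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()

class KYCID:  # hypothetical stand-in for the KYCID authorisation server (constructed for this example)
    def __init__(self):
        self.pending = {}  # one-time code -> (client_id, redirect_uri, code_challenge, kyc_result)
        self.tokens = {}   # access token -> eKYC result the exchange may retrieve

    def authorize(self, client_id, redirect_uri, state, code_challenge, kyc_result):
        # Front channel: once the customer finishes eKYC, issue a one-time code bound to the PKCE
        # challenge and echo the client's state; this is what the redirect back to the exchange carries.
        code = secrets.token_urlsafe(16)
        self.pending[code] = (client_id, redirect_uri, code_challenge, kyc_result)
        return {"code": code, "state": state}

    def token(self, client_id, redirect_uri, code, code_verifier):
        # Back channel: the code is single-use and must match client, redirect URI and PKCE verifier.
        entry = self.pending.pop(code, None)
        if entry is None:
            raise PermissionError("unknown or already redeemed authorisation code")
        cid, ruri, challenge, kyc_result = entry
        if (cid, ruri) != (client_id, redirect_uri) or not secrets.compare_digest(pkce_challenge(code_verifier), challenge):
            raise PermissionError("client_id, redirect_uri or PKCE verifier mismatch")
        access_token = secrets.token_urlsafe(24)
        self.tokens[access_token] = kyc_result
        return access_token

    def kyc_info(self, access_token):  # resource endpoint queried with the bearer token
        return self.tokens[access_token]

class Exchange:  # hypothetical stand-in for the GNU Taler exchange acting as the OAuth client
    def __init__(self, kycid, client_id="taler-exchange", redirect_uri="https://exchange.example/kyc-cb"):
        self.kycid, self.client_id, self.redirect_uri = kycid, client_id, redirect_uri

    def run_ekyc(self, kyc_result, tamper_state=False):
        # Initiation: a fresh state and PKCE verifier are kept for this deposit session only.
        state, verifier = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        redirect = self.kycid.authorize(self.client_id, self.redirect_uri, state, pkce_challenge(verifier), kyc_result)
        if tamper_state:  # simulates a callback that did not originate from this session
            redirect["state"] = "forged"
        if not secrets.compare_digest(redirect["state"], state):
            raise PermissionError("state mismatch: callback does not belong to this session")
        # Back channel: redeem the code with the verifier, then retrieve the eKYC information.
        info = self.kycid.kyc_info(self.kycid.token(self.client_id, self.redirect_uri, redirect["code"], verifier))
        # Release: deposits are released only if the exchange's criteria are satisfied.
        return {"released": bool(info["verified"]), "info": info}
```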
\section{System architecture}

\begin{figure}[H]
    \centering
    \includegraphics[width=0.9\textwidth]{system}
    \caption{System architecture}
    \label{fig:arch-system}
\end{figure}

The left side of the figure above shows the \textbf{primary actors} in the system (listed below).
\begin{itemize}
    \item \textbf{Client}: The client is the service that delegates the KYC process to the system. An example of this is the GNU Taler exchange.
    \item \textbf{Customer}: The user whose identity is being verified.
\end{itemize}

The right side shows the \textbf{secondary actors} in the system (listed below).
\begin{itemize}
    \item \textbf{SMS Provider}: The system must send SMS messages to verify the phone number. \\
        Swisscom is the SMS provider, via its text messaging product, which allows SMS to be sent through a REST API.
    \item \textbf{Mail sending server}: The system must also send an email to verify the address and notify the user. An SMTP server (such as Microsoft Exchange) is required.
    \item \textbf{Persistence}: A PostgreSQL database to store system state.
\end{itemize}